
The Morto A worm is having continued success despite its reliance on a list of lame passwords to take over victim machines.

In order for the worm to be effective, the administrative password for a machine under attack has to be one of 37 of the worst passwords ever (see below) that it carries in a weak brute-force library.

Yet the worm, which takes over control of remote computers by guessing the password for Microsoft Remote Desktop, continues to spread, according to security watchdogs.

Once attackers gain control of machines, those machines can be used for denial-of-service attacks, according to a Microsoft alert about the worm.

In addition to targeting only the lowest-hanging fruit, Morto A is notable for being a rare Internet worm, says Mikko Hypponen, chief research officer for F-Secure, in a blog post.

He says it is groundbreaking in that it attacks via Remote Desktop Protocol, something he hasn’t seen before. Once a machine is infected, it scans port 3389 (RDP) on its subnet, seeking other machines with Remote Desktop Connection enabled. It tries its list of passwords, Microsoft says, and when it is successful, shuts down processes associated with security products.

An easy way to discover that machines on a network are infected is to monitor for bursts of port 3389 activity, Microsoft says.
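
One way to turn that monitoring advice into a check, as an added example that is not from the original post or from Microsoft: flag any internal host that contacts many distinct machines on port 3389 within a short window. The flow-record format, the 60-second window, the threshold of 10 hosts and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_rdp_bursts(lines, window=timedelta(seconds=60), threshold=10, port=3389):
    """Map each source IP to the peak number of distinct hosts it contacted on
    `port` inside any sliding `window`, keeping only peaks >= threshold.
    Expects time-ordered lines: "<ISO timestamp> <src_ip> <dst_ip> <dst_port>"."""
    recent = defaultdict(deque)          # src_ip -> (timestamp, dst_ip) in window
    peaks = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue                     # skip malformed records
        stamp, src, dst, dport = parts
        if int(dport) != port:
            continue
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # expire entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

def build_sample():
    """Constructed flow records (not real traffic) for three hosts."""
    t0 = datetime(2011, 8, 29, 10, 0, 0)
    sec, flows = timedelta(seconds=1), []
    for i in range(1, 21):
        # 10.0.0.5 sweeps 20 neighbours on 3389, one per second
        flows.append((t0 + i * sec, "10.0.0.5", f"10.0.0.{100 + i}", 3389))
        # 10.0.0.60 talks to the same hosts, but on 443
        flows.append((t0 + i * sec, "10.0.0.60", f"10.0.0.{100 + i}", 443))
    for i, dst in enumerate(["10.0.0.10", "10.0.0.11", "10.0.0.10"]):
        # 10.0.0.50 is an admin opening an RDP session every five minutes
        flows.append((t0 + i * 300 * sec, "10.0.0.50", dst, 3389))
    return [f"{ts.isoformat()} {s} {d} {p}" for ts, s, d, p in sorted(flows)]

if __name__ == "__main__":
    for src, peak in find_rdp_bursts(build_sample()).items():
        print(f"{src}: {peak} distinct RDP targets within 60s")
```

Counting distinct destinations rather than raw connections keeps an administrator who reconnects to the same few servers from tripping the check.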


Archive for August 29th, 2011


What is Your IT Depo?

The premier local Information Technology services company serving Garrett County and surrounding areas. We handle "Everything IT" and more for our customers. Services range from basic consumer service to enterprise-level support for your business, at a fraction of the cost. Email or call us today and don't worry, YourITDepo is here.